Local authorities—perhaps because they walk in the footsteps of republican tradition—often appear as guarantors of protection and security in the eyes of citizens, elected representatives and even territorial officers. Security of proximity, security of the service provided as part of State or municipal activities (we too often forget that mayors are also officers of the State), security of the administrative process, etc.: between the citizens and their local authority, a pact of trust remains.
But in their inexorable modernisation process, local authorities somehow find themselves in deep water, with increased bureaucracy due to higher transfers of responsibilities; greater dematerialisation for data collection and administrative documents; and changes in working methods increasingly based on new connected technologies. On the citizen’s side, we find a paradoxical injunction: on the one hand, the wish to have access to more and more information, preferably easily and without delay and, on the other hand, the desire to believe that privacy is still meaningful in a “Digital Republic” and on a global scale.
It is therefore a two-tier revolution: the data collected is kept in a virtual safe that offers some security guarantees (at least visual ones) but the safe’s door is ajar. Disclosure, misuse, malicious use, alteration and the like are permanent threats that must be anticipated. Civil status information, building permits and other urban planning documents, budget documents, etc… are the foundations of our society’s organisation. How can we prove a birth if it is not registered by municipal services, or—worse—if the birth certificate disappears? The local authority is the guarantor of the microlinks of national cohesion.
Let us go one step further: if the municipal entity is seen as “the small homeland”, any cyberattack targeting it would de facto operate as a cluster bomb targeting the State. Let us imagine that all building permits or civil status documents of all local authorities are attacked at the same time, what solution would remain to avoid major chaos?
Moreover, it must be noted that while pace has accelerated, changes have taken place gradually without formally asking questions such as the perception of security issues, the awareness and training levels, and the disaster protocols, unlike in the case of a local authority back-up and protection plan (French ‘PCS’).
Incidentally, and with a certain form of reticence, the attacked local authorities struggle to communicate on what they interpret—in spite of everything and with a feeling of guilt—as failures and breaches that they find difficult to acknowledge. The polymorphous nature of the attacks—ranging from the schoolboyish defacing of a city’s website to cyber blackmail regarding the destruction of budget documents and to misappropriation of the banking data of citizens accessing the municipality’s paid services—wreaks havoc among elected officials, who are very brutally put up against the wall, without preparation nor parade. In fact, if they feel responsible for having unwillingly broken the pact of trust that binds them to their constituents, they are truly responsible for the services rendered unavailable or for the damage—sometimes physical—caused by an incident or attack.
It is therefore more than urgent to address these subjects methodically and to set up a dedramatised and relevant support for local authorities. The Association of Mayors of France can thus only be pleased to see that the FIC programme includes such challenges that are essential for the peaceful future of the municipal entities that manage the daily lives of our fellow citizens.
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime